Implement support for git-crypt secrets

[cedi]

If this pull-request is approved and merged, it will enable users of fluxcd to use git-crypt.
Currently flux only supports git-secrets.

However during the evaluation of fluxcd we looked into git-secret and how it differs from git-crypt, since our current secrets are all encrypted using git-crypt.
To us it was not feasible to switch from git-crypt to git-secrets, and we think others have those problems as well.
We decided to implement git-crypt support in flux and contribute it back to the community.

git-crypt was first mentioned in #1676, however git-secret was implemented in #2159.
The most recent issue I could find, asking for git-crypt support, is #2904

The changes where tested by @rwin-novo (see cedi/flux/pull/1 which was opened for an internal review).

Signed-off-by: cedi [email protected]

[cedi]

@hiddeco @stefanprodan @2opremio could I get some feedback on this?

[hiddeco]

First of all, thank you for putting effort into this. 🌻

As you may have noticed from the notice at the top of the README.md or the announcement last week, we are moving towards a "Flux v2" which is composed of GitOps Toolkit components. Due to this we are very careful about extending the current Flux functionalities, as this creates the expectation that those will be supported in a way using GOTK components.

For "Git secret providers" there is additional weight due to the component based structure of Flux v2, as it will work a bit different from how it all works today. The discussion around the design of SOPS support has started in the following discussion to give you an idea: fluxcd/flux2#156, and I would like to invite you to contribute to this and/or or create a new discussion / proposal for the support of git-crypt secrets.

[cedi]

Hey @hiddeco
thanks for getting back to me.

I saw the announcement for "Flux v2" / GitOps Toolkit and I am definitely up to participate in the integration of git-crypt/git secret providers in Flux v2 as well.

Thanks for pointing me in the right direction and to the discussions and I think I will spend some spare-time on it 😄
I totally understand your concerns of not adding new features to Flux v1 that are not strictly necessary and hope we can collaborate on getting this to v2.

[kingdonb]

Thank you for your contribution.

As some time has passed since this was submitted and there has been no follow-up for a while, I think it's safe to close. Hopefully you have made it to Flux v2 and are getting what you need from the new version of the project! Closing.